CVE-2020-26835

Summary

SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP< 740affected
SAP SESAP NetWeaver AS ABAP< 750affected
SAP SESAP NetWeaver AS ABAP< 751affected
SAP SESAP NetWeaver AS ABAP< 752affected
SAP SESAP NetWeaver AS ABAP< 753affected
SAP SESAP NetWeaver AS ABAP< 754affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References